Vulnerabilities > Bdthemes > Element Pack > 5.5.4

DATE CVE VULNERABILITY TITLE RISK
2025-04-26 CVE-2025-1458 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
5.4
2024-05-22 CVE-2024-3926 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
bdthemes CWE-79
5.4
5.4